Loading...

Data Security Policies

This policy outlines the expectations and responsibilities for both users and managers of the University’s Information Technology (IT) environment including data are created or transmitted by, maintained on or accessed via IT Resources.

Identification and classification of university data are essential for ensuring that the appropriate degree of protection is applied to university data. All Purdue University data will be reviewed on a periodic basis and classified according to its use, sensitivity, and importance to the University and in compliance with federal and/or state laws, including but not limited to, the Family Educational Rights and Privacy Act (FERPA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), the Gramm-Leach-Bliley Act (GLBA), and the Indiana Access to Public Records Act regarding appropriate use of data according to such laws.

Administrative data is owned by the University and should be shared appropriately to meet the needs of the University and its customers. Data is to be managed by a Data Steward as a University resource and asset. Protecting such information is driven by a variety of considerations including legal, academic, financial, and other business requirements.

The University’s administrative data is organized by the area responsible for it. Items links to the detailed description and classification of that data. A summary of restricted data is also available.

“Handling” information is when you view, use, update, delete, or destroy data. It also relates to when you transfer the data from one location to another. Data can be in paper or electronic form. Based upon how data is classified (Public, Sensitive or Restricted) and its form, that data may have certain precautions which need to be taken when handled. These handling requirements represent the minimum requirements for handling of data in any format at Purdue University and individual areas may establish more stringent data handling procedures.

This policy ensures that Purdue University protects the privacy of Student Education Records in accordance with federal law and regulations and complies with requirements imposed on recipients of federal funding under programs of the U.S. Department of Education. As such, Education Records and Personally Identifiable Information will be released only with the signed consent of the Student, except in those instances outlined in the Procedures.

Purdue University is a Hybrid Entity under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Purdue acknowledges its general obligations of trust and confidentiality reposed in its employees and students who are responsible for medical or mental health treatment at the University.

The primary purpose of this Social Security Number policy is to ensure that the necessary procedures and awareness exist so that University employees and students comply with both the letter and the spirit of FERPA and Indiana Code.